Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- netskope: Dangerous Docs: Surge in Cloud-delivered Malicious Office Documents
- CIS: Cybersecurity Quarterly Fall 2020
- IBM: Ransomware 2020: Attack Trends Affecting Organizations Worldwide
- Craig Hays: Phishing with Worms – The Greatest Password Theft I’ve Ever Seen
- Fidelis: Remote Workforce: Ensuring Operations Move Forward in the New Normal
- Channelnomics: Cisco to Buy Portshift for Container, DevOps Security
- McAfee: Securing Space 4.0 – One Small Step or a Giant Leap? Part 1
- US-CERT: Potential for China Cyber Response to Heightened US–China Tensions
- US DHS: October is National Cyber Security Awareness Month
- Microsoft: Digital Defense Report
- David Bianco: Raising the Tide: Driving Improvement in Security by Being a Good Human
Threat Research
- CrowdStrike: Getting the Bacon from Cobalt Strike’s Beacon
- CrowdStrike: Duck Hunting w/Falcon Complete Pt. 1: QakBot Malware Overview
- Proofpoint: TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks
- Proofpoint: Emotet Makes Timely Adoption of Political and Elections Lures
- CIS: Top 10 Malware August 2020
- zscaler: Targeted Attacks on Oil and Gas Supply Chain Industries in the Middle East
- eset: XDSpy: Stealing government secrets since 2011
- Kaspersky: Looking for sophisticated malware in IoT devices
- Trend Micro: Cross Platform Modular Glupteba Malware Uses ManageX
- Symantec: Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors
- Cisco Talos: LodaRAT Update: Alive and Well
- Intezer: IPStorm Now Has a Linux Malware
- US-CERT: Remote Access Trojan: SLOTHFULMEDIA
- Fireeye: Detecting Microsoft 365 and Azure Active Directory Backdoors
- Trustwave: Evasive URLs in Spam: Part 2
- Objective-See: Fin Fisher Filleted
- JP-CERT: BLINDINGCAN – Malware Used by Lazarus
- Positive Technologies: ShadowPad: new activity from the Winnti group
- VB2020: Another threat actor day…
Tools and Tips
- SpecterOps: Updates to Ghostwriter: UI and Operation Logs
- Cloudflare: Introducing API Shield
- Kaspersky: Why master YARA: from routine to extreme threat hunting cases
- SANS ISC: Analysis of a Phishing Kit
- red canary: Remapping Red Canary with ATT&CK sub-techniques
- expel: Performance metrics, part 1: Measuring SOC efficiency
- InQuest: InQuest Labs Year in Review
- Bushido Token: Analysing a Phishing C&C server
- F-Secure: Application-level Purple Teaming: A case study
- Snort: Converting custom Snort 2 rules for Snort 3 compatibility
- Nasreddine Bencherchali: Demystifying the “SVCHOST.EXE” Process and Its Command Line Options
- Apr4h: CobaltStrikeScan: Scan files or process memory for CobaltStrike beacons and parse their configuration
- Hackers-Arise: Reverse Engineering Malware: Getting Started with Ghidra, Part 1
- Hurricane Labs: Using Stats in Splunk Part 1: Basic Anomaly Detection
- MISP: Create an import script for MISP, step-by-step tutorial
- GoDaddy: procfilter: A YARA-integrated process denial framework for Windows
- NTCore: 1-Minute Malicious VBA Deobfuscation (Video)
- Florian Roth: Ransomware Resistance
- Colin Hardy: Threat Hunting with Inquest Labs (Video)
Breaches, Government, and Law Enforcement
- U.S. DOT: Department of Treasury Releases Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments
- ZDNet: How a Chinese malware gang defrauded Facebook users of $4 million
- Business Insider: Hacker publishes students’ grades, private info after demanding ransom
- KuCoin: Cryptocurrency Exchange Loses Tagged for $150 million in Incident
- Healthcare IT News: UHS hospital chain hit with apparent ransomware attack
- Wired: Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency
- U.S. DOJ: United States Obtains Final Judgment and Permanent Injunction Against Edward Snowden
- Digital Shadows: Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape?
- U.S. DOJ: ATM Skimming Group Arrested On Federal Charges
Vulnerabilities and Exploits
- Trend Micro: “Zerologon” and the Value of Virtual Patching
- Check Point: Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints
- Cisco Talos: Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver
- US-CERT: Vulnerability Summary for the Week of September 21, 2020
- Palo Alto Unit42: Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products
- Kevin Beaumont: In the wild exploitation of ZeroLogon detected over the internet on honeypot.
- Rapid7: Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)